The Police Service of Northern Ireland is advising people to be on their guard following a recent incident in which a scammer posed as a caller from the victim's bank, resulting in the victim losing £30,000.
The victim, who lives in County Down, was contacted by a man who claimed he worked for his bank. The man advised the victim that someone was attempting to transfer a large sum from his account and had added a new telephone number. He was told that in order to reset the account to the correct telephone number he would receive a code via text message which he should provide to the man.
Superintendent Gerard Pollock, Chairperson of the Scamwise NI Partnership, said: "This scam was very convincing, because the criminal used security features designed to protect against scams to gain access to the victim’s account and steal from him.
“The criminal was able to build trust with the victim by going through transactions on his account, spending an hour and a half in total on the phone with him. In doing so, the fraudster was able to convince the victim to share codes sent by text message, despite these texts specifically saying that they should not be shared with anyone else.
“Unfortunately, by the time the victim realised that he was not speaking with his bank and had his account frozen, he had already been defrauded of £30,000. Thankfully, on this occasion, his bank reimbursed the monies lost, but others have not been so lucky.”
Superintendent Pollock continued: “This scam exploits a key security feature which banks have put in place to beat scammers. Two factor authentication, known as 2FA, should provide an extra layer of protection to confirm to the bank that the person who they are dealing with is who they say they are. In this case, and increasingly, criminals are using it against us to gain access to even more money.
"2FA is a fantastic development in improving the security of all our accounts, but it only works if we keep the codes secure. My message is simple - no genuine bank employee will ever ask you for the one-time-code.
“Sharing this code is the modern day equivalent of telling someone your PIN. With access to this code, criminals have the ability to:
· Login to online banking;
· Set up new payments;
· Authorise payments;
· Verify details.
“The number from which you receive a call may look genuine; but you should never disclose your personal or banking details to anyone over the phone or online, no matter how convincing they may seem.
“Guarding your two factor authentication codes is essential. Never disclose them to any unauthorised person or allow anyone access to them.
“If you get a similar call, please put the phone down and report the incident online at www.psni.police.uk/makeareport or call police on the non-emergency number 101. You can also report to Action Fraud via their website www.actionfraud.police.uk or by phoning 0300 123 2040.
“For further advice and information visit www.nidirect.gov.uk/scamwiseni or the ScamwiseNI Facebook page.”