A 38-year-old victim of a banking scam which uses fraudulent text messages has spoken out after digital fraudsters were able to drain tens of thousands of pounds from her account. The technique, known as ''smishing'', is currently in operation in the UK, experts warn.
The culprits are spoofing mobile details to make the SMS messages look like they are being sent from a legitimate source. The texts warn your card has been used in a shop and – if you don't recognise the transaction – ask you call an embedded "fraud prevention" helpline.
Of course, this will transfer your call straight through to the fraudsters, who then pose as a friendly banking representative and ask you to "confirm" your credentials.
If you give them enough information to enter your account, money will quickly be siphoned out as they set up new payees. It's not sophisticated, but it works.
This week, one victim spoke out. Surrey-based Claire Pearson, 38, opened up to ITV's This Morning programme about the scam which targeted her father's inheritance fund of more than £71,000. The target's bank has declined to reimburse the lost money.
"I received the text, but this wasn't unusual as I've had messages from them before," explained Pearson, who is heavily pregnant with her first child. "It said there had been suspicious activity on my account, asked 'do you recognise this transaction?, if not call this number.'"
"I clicked the number and it called through, and the call went on for 30 minutes," she continued, adding: "The man I spoke to was lovely, we built up a rapport and he said they would send me a new card in three days." Pearson said that by the time she became suspicious it was too late.
Santander has effectively closed the case on the basis that Pearson willingly handed over access to her passwords to a third party. A spokesperson said: "We are very sympathetic to customers who are victims of scams and welcome the media's involvement in raising awareness of scams. We investigate all instances of fraud fully, as we have done with this case."
The statement concluded: "When there has been no Santander error and customers have divulged personal, security information, we cannot accept any responsibility for the losses on the account."
It was reportedly able to retrieve roughly £2,000 of funds.
Pearson told ITV: "They reversed one transaction as it was in process when I was on the call, and since then Santander have frozen the remaining receiving accounts and returned the money in them to me. But as far as the bank is concerned the case is closed."
Action Fraud, the UK's internet and advice watchdog, said the aim of smishing scams is to "trick you into thinking you're giving up personal information or making payments with someone you can trust, such as your bank, a government agency or a business or brand name."
'The new phishing'
Harry Wallop, a consumer issues journalist told ITV: "This text message scamming is known as smishing and it is the new phishing. They are spoofing a mobile number, with a message coming in to a string of legitimate texts you've already got from your bank.
"Alarm bells shouldn't necessarily have rung when the text come through – but you should always call the number on the back of your bank card, not a number in a text message. The second alarm bell should have rung when they asked for your password."
According to the UK's Financial Ombudsman there has been roughly 6,000 complaints about disputed banking transactions over the past two years. It said claims are typically decided by taking into account if the victim's bank has made an error – which in this instance was not the case.
Action Fraud has some top tips on how to stay safe from smishing attacks:
• Don't assume anyone who has sent you an email or text message – or has called your phone or left you a voicemail message – is who they say they are.
• If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious.
• Never call numbers or follow links provided in suspicious texts; find the official website or customer support number using a separate browser and search engine.