Bank account security: fraud and scams

Bank account fraud and cyber crime is on the rise, with several million cases being reported every year. Yet those figures could be worse if it wasn’t for the Banking Protocol, a UK wide scheme that enables bank staff to alert their local police force if they suspect a customer is being scammed. 

In the first half of 2020 alone, bank branch staff worked with police to stop £19 million of fraud. The figures from UK Finance mean the scheme has prevented victims losing a total of £116 million of fraud and led to 744 arrests since the scheme was introduced three years ago by UK Finance, National Trading Standards and local police forces. 

What is bank account fraud?

Bank account fraud occurs when someone illegally takes money from your bank account. It could happen as a result of identity theft, for example if you’ve thrown out financial documents that contain personal information, or if you’ve fallen victim to a scam. 

What are common bank account scams?

There are numerous different bank account scams, but one of the most common involves being asked to move money out of your account. 

You’ll usually receive a phone call from someone claiming to be from your bank informing you that your account has been accessed illegally. You’ll be told you need to transfer all the money into a ‘safe account’ elsewhere until the issue has been resolved. Instead, the fraudster simply moves the money into their own account or accounts.

Another common scam is an email or text from a fraudster claiming to be your bank and asking you to verify details such as your online banking passwords, PIN or account and card details. Often you’ll be told this is required due to a refund, security issues or even to stop fraud.

Some scammers will also clone bank websites so that when you click through from an email, the fraudster has access to all your personal information. Others will inform you there is an issue with your internet connection and ask to take control of your computer remotely with the aim of installing spyware to steal your banking details. 

Another effective scam involves tricking people into thinking they are moving money into a solicitor’s bank account for a house purchase, or to a builder. The criminals hack into genuine email accounts and send out false requests for payment.

What can a scammer do with my bank account number? 

If a scammer only has your bank account number and sort code, it’s unlikely they would be able to access your account without further information such as your online banking password or PIN. 

However, if you realise you have handed over your bank account number to a scammer you should still let your bank know as soon as possible so that they can act accordingly and stop any money being taken from your account. 

What should I do if my bank account is hacked? 

If your bank account has been hacked, phone your bank and inform them as soon as possible. Your bank will likely cancel and replace your debit or credit cards if they have been compromised (i.e. someone has or could spend on them), as well as increase security on your account to stop further unauthorised transactions. 

Providing you have not been negligent with your bank details, your bank should also refund any money that has been taken. 

You should then change all your bank account passwords as well as your PIN(s). Make sure your passwords are 10-20 characters long, using both upper and lower case, as well as numbers and symbols. Avoid obvious passwords such as birthdays or names. 

It’s also worth checking your credit report to make sure the hacker has not tried to open a credit card or another account in your name. 

How to prevent being scammed: Stop and think

There are a number of steps you can take to help you spot and prevent a financial scam. 

Take Five to Stop Fraud is a government initiative that recommends you are vigilant in the following situations:

  1. Requests to move money: your bank, utility providers, and other big companies will never contact you directly to ask for your PIN, password, or to move money to another account. You should only ever provide personal or financial details when you actively consent to it – when you sign up for a new service, for example – or when you are expecting to be contacted by someone from a financial institution or service provider.

  2. Clicking on links or downloading files: never click on a link or download a file from an unexpected email or text. Odds are, a criminal is trying to load malware onto your device that will give them access to your personal and financial details. If in doubt, phone up the person who messaged you and ask if they really sent it.

  3. Personal information: likewise, be very wary of unexpected requests for any kind of personal info via phone, email, or text. Instead, contact the company or person directly using a known email or phone number and confirm that they need your personal info.

In addition, you should ensure anti-virus software is up to date on all computers and devices and that spam filters are set to high. Always avoid public networks for online banking and be sure to check for website security - secure URLs start with ‘https’, not ‘http’. 

Protect yourself from fraud

When it comes to all aspects of your finances, it is important to stay alert and think things through, says Dr Jane Cox, an international human performance specialist, and wealth psychology expert.

“Do your due diligence when it comes to making a big financial decision,” she says. “Don’t believe everything you hear.”

If you need to make a large payment from your bank account, it is important to double-check the details by ringing the payee and confirming their bank details.

Remain involved with your money and keep an eye on how it is working for you. Hands off investors are very vulnerable to losing out. If it sounds too good to be true it probably is too good to be true.


15 December 2020