Action Fraud is warning the public about a sharp rise in fraudsters sending out fake text messages and phishing emails claiming to be from TSB.
- Since the start of May, there have been 321 phishing reports made to Action Fraud – an increase on the previous month where 30 reports were made.
- In the same reporting period, there have been 51 reports of cybercrime to Action Fraud which mention TSB – an increase on the previous month, where 24 reports were made.
- Action Fraud and TSB are working together to combat fraud and help keep all consumers safe.
How is this happening?
The increase in the number of reports being sent to Action Fraud is in part linked to the system issue some TSB customers have experienced over recent weeks. Opportunistic fraudsters are using TSB’s system issue to target people with this type of fraud. TSB, or any bank, will never ask for a PIN, password or full memorable information by email or text.
Fraudsters are commonly using text messages as a way to defraud unsuspecting victims out of money. This is called smishing (SMS + fishing). Of the smishing attempts reported to Action Fraud, 80% requested that the recipient click onto a website link. The second most common delivery technique reported has been email.
Fraudsters are using specialist software which changes the sender ID on text messages so that it looks like messages are being sent by TSB. In some instances, this spoofed text is being added to existing TSB message threads on victim’s phones.
Should someone click on the link within a spoofed text message and enter their personal information, the fraudsters then call the victim back and persuade them to hand over their one off code from their mobile phone. The fraudsters can then empty the victim’s account.
Director of Action Fraud, Pauline Smith, said:
“We have seen an increase in opportunistic fraudsters sending text messages claiming to be from TSB that ask people to reply with their personal or banking details.
“This can have a devastating effect on people, who can lose out on large sums of money.
“Don’t assume anyone who’s sent you a text message is who they say they are. If a text message asks you to make a payment, log in to an online account or offers you a deal, be cautious and report it to Action Fraud.”
A TSB Fraud spokesperson said:
“While our systems are safe and secure, unfortunately fraudsters are increasingly sophisticated and looking to take advantage of situations like these by approaching customers.
Protecting our customers’ information is our number one priority. We are doing all we can to ensure customers don’t become a victim of fraud, whether they bank with us in branch, online or via the telephone and this is something we are working on with Action Fraud and a number of external organisations. We are also working with these organisations to help them identify fraudulent sites so we can take them down as quickly as possible.”
Don’t assume an email or text is authentic:
There's been a surge in reports of these timely fake @TSB emails in the past couple of weeks! Most of the ones we've seen lead to cloned internet banking login pages! #PhishyFridays
? Report them to us: https://t.co/0PsaQjRG4P pic.twitter.com/SebE5eeJZQ— Action Fraud (@actionfrauduk) May 11, 2018
Always question uninvited approaches in case it’s a scam. Phone numbers and email addresses can be spoofed, so always contact the company directly via a known email or phone number (such as the one on the back of your bank card).
Clicking on links/files:
Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected text or email. Remember, a genuine bank will never contact you out of the blue to ask for your full PIN or password.
Report it:
If you think you have received a phishing email or text, report it to us.
If you have received a suspicious TSB email, please do not respond to it, report it to us and also forward it to [email protected].
Every Report Matters. If you have been a victim of fraud or cyber crime, report it to us online or by calling 0300 123 2040.
Visit Take Five and Cyber Aware for more information about how to protect yourself online.
Action Fraud is the UK’s national fraud and cyber crime reporting centre, providing a central point of contact for citizens and businesses. The National Fraud Intelligence Bureau (NFIB) also hosted by the City of London Police, acts upon the information and crimes reported to Action Fraud, developing and disseminating crime packages for investigation locally, regionally and nationally. The NFIB also execute a range of disruption and crime prevention techniques for victims across all sectors to target criminality and engineer out the threat from fraud and cyber crime.
