Fraudsters are obtaining genuine banking customer security information and getting access to accounts by performing “man-in-the-middle” vishing scams.
The scam starts with fraudsters contacting people by a text, letter or email purporting to be from their bank, which requests that the victims contact them on a telephone number provided.
The victim phones the number provided, and the scammers redirect them to the bank; however as the call has been redirected, the criminals record the call being made, making a note of all the victim’s security answers and personal details.
The criminals then phone the bank at a later date purporting to be their customer and exploit the genuine credentials and security information gained to request a range of payments to be made from the account/s.
The reason why this scam is so successful is because the fraudster’s presence is unknown to both the victim and the bank.
In one report made to Action Fraud a victim was contacted directly by the scammers purporting to be the bank to request further details so that validation could be gained for further transactions.
It is unknown how victim details become compromised originally. In some instances victims have already been locked out of their telephone banking through incorrect security details being provided.
How to protect yourself from man-in-the-middle vishing scams
- Never provide personal or financial details to an unsolicited caller.
- Always contact the bank on a trusted number found on their website or correspondence that is known to be authentic, such as a statement.
- When contacting your bank, please request confirmation of any possible communication made by your bank, prior to giving out any personal details.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.