Scots bank customers are losing more than £120 million to fraud gangs every year, we can reveal.
Crooks armed only with phones and computers are plundering fortunes from private individuals and firms targeted with an arsenal of scams and cons.
International fraud experts warn official figures only reveal a small part of the global crime wave as a Sunday Post investigation reveals the scale of the bank robbery and how the criminals launder their dirty millions.
Dr Anton Moiseienko, research fellow at the Centre for Financial Crime and Security Studies at the Royal United Services Institute, said: “The number of prosecutions is certainly the tip of the iceberg.There are specific challenges regarding reporting and the cross-border nature of cybercrime, which means that a lot of the attacks would be carried out by people who the UK law enforcement would have a very limited ability to apprehend.
“That combined creates formidable challenges for law enforcement.”
Dr Moiseienko said the international nature of crime – with criminal gangs operating from abroad, or laundering stolen cash outside the UK – made them harder to stop.
He said: “In relation to people who carry out cyber attacks and steal money from UK customers, for example they take over bank accounts, a lot of those organised crime groups are based overseas.
“Therefore, one of the approaches law enforcement has been trying to take has been to make it more difficult for the money to leave the UK, so making it more difficult to misuse the financial system in order to channel the proceeds of crime and get them from the UK to an overseas destination.
“If the criminal is based overseas your ability to apprehend them and bring them to justice is limited, especially depending on the arrangement in place in the UK and the country concerned.
“But following the money and preventing the money from leaving the UK can be a promising avenue.”
Crooks carry out a wide range of frauds, including phishing or vishing scams, the use of ransomware and hacking bank accounts or ATMs.
Vishing involves phoning victims and tricking them into parting with bank or credit card details, which allows the criminals to transfer funds out of their account. Phishing is its online equivalent, usually involving fake emails.
It can result in authorised fraud, where the bank customer is persuaded to make the transfer to the criminal, or unauthorised fraud where the conman uses the details to gain access to the customer’s account.
Ransomware targets firms’ or individuals’ computers, shutting them down, and the crooks demanding a payment to remove the virus.
Tricking someone into sharing financial or personal information by posing in an email as a bank or other trusted institution
The telephone equivalent of phishing with plausible callers, sometimes armed with personal details, tricking victims into revealing passwords
Authorised Push Payment is the fastest growing type of swindle when victims are duped into sending their money into another account
Someone trying to trick you into giving them private information such as passwords via a text
Last month UK Finance, the trade association for the banking industry, published The Fraud The Facts 2019, which revealed the extent of the problem in the UK.
It found that, across the UK, criminals reaped £1.2 billion through frauds and scams.
But the banks themselves managed to stop a further £1bn being stolen, through greater diligence and hi-tech security systems.
Experts estimate about 10% of the stolen cash has been taken from Scottish firms and private bank customers.
In the report, Katy Worobec, UK Finance’s economic crime managing director, said: “Fraud poses a major threat to the UK. It’s a crime the finance industry is committed to tackling, but it’s also one that requires the combined efforts of every sector, both public and private, to overcome. Last year, the advanced security systems and innovations in which the finance industry invests to protect customers stopped more than £1.6bn of unauthorised fraud.
“But, despite this, criminals stole £1.2bn through fraud and scams.
“These crimes can have a devastating impact on victims.
“And, even if the customer gets the money back from their finance provider, the organised criminal gangs that perpetrate these frauds still profit from the proceeds… money that may go on to fund illicit acts that damage our society – crimes such as terrorism, drug-trafficking and people-smuggling.” Last year, £844.4m was stolen in unauthorised financial fraud involving payment cards, remote banking and cheques – an increase of 16% from 2017.
The report revealed a further £354.3m was seized via 84,624 incidents of authorised push payments – whereby customers are tricked into transferring funds.
Financial institutions are continuing to develop ways to detect fraud, including the use of behavioural biometrics.
Some banks already have software that identifies customers’ typing and swiping habits and even how they grip their smartphone when logged into a banking app.
A global digital identity tool is also in use, analysing billions of transactions worldwide plus geographical, device and historical data to build a picture of customers’ normal behaviour.
New rules requiring additional verification on high-value transactions will come into force in September.
As banks, businesses and the public become more aware of online scams, the fraudsters have changed their tactics.
Hence the number of fraudsters impersonating bank or building society employees fell in 2018, with criminals increasingly pretending to be organisations such as HMRC, online retailers or telecommunications firms.
And the true financial cost of fraud is far greater than the sums stolen.
Dr Moiseienko added: “The cost of cybercrime is not the same as the criminal revenues from cybercrime.
“So a criminal might steal £1 but the cost of remedying the vulnerability and dealing with the business disruption would be £10 or £20 for the company concerned.
“That makes it even more difficult to measure the cost of cybercrime.”
THE VICTIMS: ‘They said they were working with Disney and that I had won a holiday’
Duncan Sillars was duped out of £3,000 when he was emailed by fraudsters as he was recovering from a stroke.
The former civil servant, 55, from Dundee, received a genuine-looking email from what he thought was a reputable company.
“They said they were working for Disney and that I had won a holiday,” said Duncan.
“The email led me to a professional-looking website which gave me a number
“The person at the other end of the phone asked for credit card details in case I ran up additional bills at the Disney resort.
“That seemed plausible at the time.
“Then, just after I came off the phone, I realised I had done something foolish and called my credit card company.
“£3,000 had been taken from my account. I felt awful.”
The credit card firm refunded Duncan five months later, but not before it checked his mistake was genuine.
Duncan said he had to prove that he was not trying to defraud the card company.
“I made a stupid error when I was not at my best,” he added.
“If I had not been recovering from a stroke at the time, I would have been a bit wiser.”
He tracked the fraudsters down to the USA.
“They were in a tiny office in a back lane,” he added. “That will come as no surprise to anyone.”
After the money was repaid, he was then hounded by the fraudsters.
“They called me constantly, trying to extract more money from me.
“The bottom line is that these people never give up.”
Duncan now works in a call centre advising customers.
“If something looks too good to be true, it always is,” he said.
“Scammers’ stories change but their motives are always the same.”
THE GANGS: Scammers’ phone con paid for life of luxury
A crime gang leader faces having his assets seized after being convicted of duping unsuspecting victims out of their savings.
Mark Miller funded a lavish lifestyle by using a simple phone con to scam people out of hundreds of thousands of pounds.
They were led to believe there had been fraudulent activity on their bank accounts and handed over vital details.
Miller, 28, pleaded guilty at Glasgow Sheriff Court to, while acting with others, being part of a £359,473 fraud between December 2013 and April 2014.
Miller, who led a 13-strong Glasgow-based vishing gang, conned bank customers out of £360,000. He was jailed for 28 months.
He had spent thousands of pounds on three Audi cars, two jet skis and holidays before he was caught by Police Scotland.
The group worked across Clydebank and the Drumchapel and Yoker areas of Glasgow with victims identified in various locations, including Aberdeenshire and Northern Ireland.
Gang members would call people and claim the customer had fallen victim to fraud.
Typically, they’d suggest to victims they hang up and call the number on the back of their bank card if they had any concerns. The crook would leave the line open, automatically picking up the call.
Victims included a doctor, who was contacted by someone claiming to be from the fraud department of Danske Bank. He was later contacted by Danske Bank who told him £263,356 had been taken from his accounts.
Miller, from Hamilton, faces being stripped of his assets under a proceeds of crime confiscation order.
The criminals recruited people – known as mules – to use their own bank details as the transfer account to hold the victim’s money and provide the criminal group access to the funds.
THE BANKS: ‘Our top priority is keeping customers’ money safer and preventing fraud’
A second major high street bank is to join the TSB in pledging to refund customers who fall victim to any kind of fraud.
The Lloyds Banking Group, which includes the Bank of Scotland, says that customers who have been tricked by fraudsters – but who otherwise followed normal guidelines on keeping their account secure – will be refunded.
Last week the TSB became the first UK bank to make that pledge. Its “fraud refund guarantee” will cover cases where customers are tricked into authorising payments to crooks, as well as unauthorised transactions.
Lloyds Banking Group said: “Our top priority is keeping customers’ money safe from scams by stopping fraud from happening in the first place. Once implemented, we will ensure that our customers who have done the right thing and followed the best practice in the new code will always be refunded.
“Fighting fraud is a shared responsibility between banks, the police and all of us – the more we all know about how to spot it, the safer we will all be.”
Banks have been under pressure to help tackle the rise in sophisticated fraud.
Currently, victims who are tricked into transferring money directly from their account to a fraudster are less likely to be reimbursed, because they approved the payments.
Some £354m was lost last year through this type of scam, with firms returning just £83m to customers.