Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner.

Banks leaving customers vulnerable to fraudulent ‘spoofing’ scams, says Which?

Some banks may be leaving customers vulnerable to fraudulent spoofing attempts, a Which? investigation suggests (Yui Mok/PA)
Some banks may be leaving customers vulnerable to fraudulent spoofing attempts, a Which? investigation suggests (Yui Mok/PA)

Some banks may be leaving customers vulnerable to fraudulent spoofing attempts, a Which? investigation has suggested.

Spoofing, where fraudsters impersonate legitimate companies, is a common tactic used to deceive victims.

Scammers forge the name or number that comes up on an email, phone call or text so it appears to match that of a genuine firm.

To make it harder for fraudsters to impersonate them, companies can sign up to regulator Ofcom’s Do Not Originate (DNO) list – a shared resource with telecoms providers to help them identify and block calls likely to be spoofed.

To test how effective banks were at protecting their customers, Which? made calls to a test phone, spoofing the prominent numbers of 14 current account providers. Firms’ numbers were chosen if they were the ones printed on the back of debit cards or listed as fraud helplines on their websites.

The consumer group said that at least one phone number from HSBC, Lloyds Bank, Santander, TSB, Nationwide Building Society and Virgin Money was successfully spoofed.

A previous Which? survey among fraud victims found that of those who were initially approached by either phone or text, two-thirds (68%) said the incident involved number spoofing.

Ofcom recently strengthened its rules and guidance to require telephone networks involved in transmitting calls – either to mobiles or landlines – to identify and block spoofed calls, where technically feasible, making it harder for scammers to use spoofed numbers.

Rocio Concha, Which? director of policy and advocacy, said: “Number spoofing is a particularly malicious form of fraud used by scammers to deceive their victims – and our research shows some banks could potentially be leaving their customers at risk.”

A spokesperson for trade association UK Finance said: “Protecting customers from fraud is a top priority for the finance industry which is why we are actively working with the regulator Ofcom to help crack down on number spoofing.

“This initiative prevents criminals impersonating banks by protecting bank inbound phone numbers from being used to make outbound calls and socially engineer or scam bank customers.

“It is important to remember that anyone can be caught out by these criminals and that you should always stay alert.

“To help stay safe, customers should always follow the advice of our Take Five to Stop Fraud campaign and question any uninvited call requesting their personal information or money in case it’s a scam.”

A HSBC spokesperson told Which?: “We are participants of the Do Not Originate scheme which provides additional protection, alongside numerous other measures, to help protect customers from scams and fraud.

“We regularly review the numbers we have registered with a view to additional entries where it is appropriate to do so. We are currently in the process of adding those two numbers to those already on the register.”

Lloyds Bank said: “Banks can’t solve the problem of number spoofing alone and telecoms firms need to speedily address the technical gaps in their systems that allow this type of fraud to happen, even with Do Not Originate lists in place.”

A Nationwide spokesperson told the consumer group: “Nationwide takes the protection of its members seriously and our contact numbers are on the Do Not Originate list – and therefore cannot be spoofed.

“However, it appears one of our numbers was inadvertently missed, for which we would like to thank Which? for bringing to our attention. We can confirm this is now being added to our list of protected numbers for future.”

A Santander spokesperson told Which?: “Thank you for bringing this to our attention.

“We have now requested that Ofcom adds this number to the DNO list. As part of the measures we take to protect customers against fraud, we aim to include all our inbound-only customer service phone numbers on the DNO list, which provides some protection against spoofing but is not 100% comprehensive.”

TSB said that all relevant TSB numbers are now on Do Not Originate.

A Virgin Money spokesperson said: “Virgin Money currently has over 40 numbers registered for the Do Not Originate service and we continue to add numbers to this to ensure as much coverage as possible.

“The list is not a guarantee that spoofing won’t occur as not all providers use the list and technology constraints can mean that some calls get through, however, we will raise this with them and ensure that all the numbers you highlighted are registered.”