Centre

This scam involves fraudsters tricking clients into handing over their bank card(s) and PIN(s) by pretending to be either a Bank or Law Enforcement official.

Often this will start with an unexpected phone call from an individual who claims to be from the bank’s fraud department or Law Enforcement. The caller will advise that they have identified fraudulent transactions on your account and that your card has been compromised.

To gain your trust, the caller will prompt you to verify the call by phoning the telephone number printed on the back of your card or providing you with an unverified telephone number.

However, fraudsters often use techniques to hold your phone line open, so that when you try to dial out they can intercept and re-answer the call.

The fraudster will advise that your bank card(s) must be collected in order to protect your card/account and assist with any investigation. They will normally ask you to put your card into an envelope and then ask you to either key your PIN via the phone keypad or to write it down and insert it into the envelope with the card.

The fraudster will then arrange for a courier or someone dressed as a law enforcement officer, to come to your home and collect the card and provide you with a fake reference number. Once the fraudster obtains your card(s) and PIN(s), they can gain access to your account and carry out fraudulent transactions.

Please note that from time to time, the bank may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine.

However, we will NEVER ask to collect your card as part of a fraud investigation or ask you to disclose your PIN, card details or any online banking credentials.

Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords which can have a monetary value to criminals.

Phishing can also involve sending malicious attachments or website links in an effort to infect computers or mobile devices (this is known as malware - malicious software). Very often these appear to be authentic communications from legitimate organisations. Embedded links within the message can direct you to a hoax website where your login or personal details may be requested. You may also run the risk of your computer or smartphone being infected by viruses.

Once your personal details have been accessed, criminals can then record this information and use it to commit fraud crimes such as identity theft and bank fraud.

Phishing messages generally try to convince the recipient that they are from a trusted source.
 

Spear-phishing

This technique is used by criminals to use personal information to earn trust and lower the intended victim’s defences increasing the chances they may open attachments or embedded links.
 

Reporting suspicious emails

If you have received a fraudulent or suspicious email, and not responded to it please forward the email to [email protected]

However, if you have responded to the e-mail, and/or you suspect that any of your accounts with us have been accessed online by someone other than yourself, please contact our dedicated fraud team immediately.

Vishing is when criminals attempt to obtain sensitive and personal information, such as user names, passwords and card reader codes over the telephone.

Fraudsters use many techniques to obtain password and security credentials. Often a fraudster will call the victim and pretend to be the bank or a police official and ask for bank account details, card details, three-digit security numbers, PINs, online banking passcodes or telephone banking security passwords.

• Never give out any online passcodes/PINs or card details to anyone who phones you. If we phone you, we will never ask for this information.
• If you receive a call about your bank account or a transaction and have any doubts about the person’s true identity, hang up and call us on a known telephone number. 
  0131 225 8484 - General enquiries
  0131 278 3777 - Quorum MOB 24

This type of fraud predominantly targets businesses but individuals may still be targeted, especially those who buy and sell items online. Overpayment fraud is when a fraudster pays for goods or services by a fraudulent cheque. The cheque is made for a higher amount than the actual value.

The business reimburses the fraudster with the excess amount of money that was apparently paid to it in error, before the cheque gets returned unpaid.

Not only does the business not get paid for the goods or services, but also loses further money because of the ‘excess payment’ it paid the fraudster.

Cheque overpayment fraud is often a method used in employment opportunity scams or transactions for goods and services sold through classified adverts.

Cash point fraud

There are three main ways in which criminals try to steal cards, card details and PINs at cash machines.

1. Card-trapping devices

• A device is temporarily inserted into a cash machine’s card entry slot by a criminal.
• The device traps the card in the machine, not allowing the transaction to be processed.

The criminal will also attempt to find out the PIN, so cardholders who do not shield the keypad are at much greater risk of this type of fraud than those who do. Criminals attempt to get hold of the PIN either by:

• Looking over the client’s shoulder via a miniature pinhole camera fixed above the keypad.
• The criminal may even pretend to be a well meaning bystander who convinces the client to re-enter the PIN while they watch.

When the client gives up on the transaction, thinking that their card has been retained, they walk away from the machine. The criminal removes the device, along with the client’s card, which they use with the PIN to withdraw cash or to buy high-value goods in shops.

2. Skimming and pinhole camera devices

• Skimming is the term used to describe how a criminal copies a card’s electronic data.
• A criminal fits a skimming device over the cash machine’s card entry slot to copy the magnetic stripe details on the card.
• The criminal will also try to get hold of the cardholder’s PIN and sometimes will have attached a miniature camera above the keypad to film the client entering their PIN.
• Many clients will not notice these devices and will make their withdrawals as normal.
• The criminal uses the copied details to make a fake magnetic stripe card, which will be used - with the genuine PIN – at foreign cash machines or shops that haven’t yet been upgraded to Chip and PIN.

3. Shoulder-surfing

• A criminal watches the cardholder enter their PIN.
• The criminal will then steal the card using distraction techniques or pickpocketing, before using the stolen card and genuine PIN.

Clients who shield the keypad when they enter their PIN are much less likely to fall victim to this type of fraud.

Plastic card fraud

• Plastic card fraud involves the compromise of any personal information from credit, debit or store cards.

• The personal information stolen from a card, or the theft of a card itself, can be used to commit fraud.

• Fraudsters might use the information to purchase goods in your name or obtain unauthorised funds from an account.

• Plastic card fraud can also include ‘card not present’ fraud, such as the use of a card online, over the phone or by mail order, and counterfeit card fraud.

Malware is malicious software that consists of programming, for example code or scripts, designed to disrupt the performance of desktop computers, laptops, handheld devices etc.

Malware can also collect information or data from infected devices and pass them on to another device. Malware is often referred to as viruses, worms, trojan horses, spyware, dishonest adware, scareware, and crimeware.

Remote access can be a concern and can be obtained via rootkits. Most rootkits are used safely and securely to provide support to users, but some can be used for fraudulent purposes. Be certain that when you allow someone to remotely access your computer they are from a trusted source, for example, your internet service provider.

What malware can do:

• Spyware can track users, alert them to display advertising. When the user clicks on the link they can be taken to a website which is likely to install a virus or other malicious programming.
• Keyloggers can track users’ input on their keyboards. This is usually in an effort to commit bank fraud or to access personal login details.
• Scareware imitates valid software, e.g. antivirus packages to convince users that an upgrade is needed. This upgrade will have a fee attached to it and will not exist.
• Ransomware copies personal files or photos. A demand is then issued for money in return for the images or files. The consequence will be the online release of the images and files to third parties with the intention to embarrass the victim.

Mobile malware

Malicious software can also infect your smartphone. There are a number of ways this can be done:

• Fake/Malicious Apps
  One method to distribute malware is under the guise of a fake application that masquerades as a genuine or useful program.

• Quick Response (QR) codes
  QR codes are a type of barcode that store data such as text or a URL. They can direct a user to a website or launch an application (including email and SMS services). The codes are interpreted using the device’s camera and a scanning application.  The major risk associated with a QR code is that it is not possible to know what it contains, or links to, before it is scanned. They could be used to redirect you to a malicious website or prompt you to download a malicious app.

To protect yourself:

• Install the latest updates and security patches
• Enable device PINs/passwords to restrict access to a lost or stolen device
• Install an anti-malware application and software to assist recovery of your device or remotely wipe its data

Shopping and auction fraud involves fraudulent shopping scams that rely on the anonymity of the internet.

As the popularity of internet shopping and online auction sites grow, so do the number of complaints about online transactions. Some of the most common complaints involve:

• Buyers receiving goods late, or not at all.

• Sellers not receiving payment.

• Buyers receiving goods that are either less valuable than those advertised or significantly different from the original description.

• Failure to disclose relevant information about a product or the terms of sale.

How to protect yourself against card fraud

A recent scam has seen fraudsters convincing clients to key their PIN into their phone keypad and allowing a courier or someone dressed as a policeman to collect the card. Coutts, or any other bank and the police, will never request to collect your card or ask you for your PIN.

• Always shield your PIN when keying at a cash machine or while making purchases.
• If your card is taken by a cash machine call Quorum MOB 24 straight away. Your card may have been taken by a cash machine due to a fault but occasionally fraudsters will attach card trapping devices to cash machines. Once you leave the machine the fraudster will remove the card from the slot. Quorum MOB 24 will cancel your card straight away, order your new card and endeavour to ensure that you have access to cash if needed.
• When purchasing online only use secure websites – those with an address beginning with ‘https://’ where the padlock symbol is displayed. Also be careful if the product is being offered at a huge discount.
• If you are experiencing any issue with your card call Quorum MOB 24 on 0131 278 3777. It may be that your card has been damaged or there is another reason why your card is not working as expected.

• Don’t accept cheques from anyone unless you know and trust them, especially when a high-value cheque is involved. Alternatively consider other ways of accepting payment for high-value items – electronic payments are ideal. Be especially wary if the buyer is unwilling to pay or split the relatively small cost involved with you.

• Before releasing any goods ensure you are fully aware of the cheque clearing timescales and if you are in any doubt about whether a cheque has cleared then call Quorum MOB 24 on 0131 278 3777.

• Keep your cheque book in a safe place.

• Report any missing cheques immediately.

• If posting cheques consider checking these are received by the beneficiary. Also consider sending by secure post.

Counterfeit cheques

Counterfeit cheques are manufactured or printed on non-bank paper to look exactly like genuine cheques. Usually the bank details quoted are correct.

The fraudster either sends you the cheque or pays it directly into your account so you do not visually see the cheque.

• Never write down or divulge your security identification answers or passwords to anyone, unless you are certain that you are talking to a Quorum MOB member of staff.

• If in doubt hang up and call us back on a known Quorum MOB telephone number
  0131 225 8484 - Switchboard
  0131 278 3777 - Quorum MOB 24

• If you provide us with new contact details, you will receive a call from our security team to validate the details.

• If you provide us with a payment instruction you may receive a security call back.

• Always securely store your banking, financial and valuable personal documents, such as your passport.

• Shred all financial documents before you throw them away, ideally with a cross cut shredder.

• Be aware what personal information you share on social networking sites, for example, date of birth.

• A variety of ‘harmless’ communications in different formats can be used together to steal your identity or commit fraud.

• Goods offered can include shares, fine wine, gemstones, art, antiques and other rare high value items.

• In reality, the investment opportunity is a scam and what is offered is often over priced, very high risk and difficult to sell on, or non-existent.  

• Sometimes the investment can appear to be reassuringly expensive, and still a scam.

• Even traditional safe investments such as property can pose a risk – plots of agricultural land sold for development can in reality have virtually no development potential.

How to protect yourself against investment fraud

• Always seek reputable independent or legal advice before you commit to any investment.

• Before you hand over any money, ensure the firm you use is on the FCA register, and is therefore allowed to give financial advice.

• The FCA also maintains a regularly updated list of unauthorised businesses detailing those believed to be involved in fraudulent activities.

• If you need independent advice or are unsure what to do in the case of suspected fraud, call the FCA’s consumer helpline on 0845 606 1234

• You can also contact your Private Banker or Quorum MOB 24 on 0131 278 3777 if you have any concerns.

To protect yourself from online fraud:

• Never provide your personal details, including your card details, online username or passcodes in response to an email or telephone call.
• Install anti-virus and anti-phishing software on your computer and ensure they are kept up to date.
• Ensure your operating system is kept up to date.
• When purchasing online only use secure websites – those with an address beginning with https:// where the padlock symbol is displayed.
• Be cautious if you receive an email you are not expecting. Not all phishing e-mails are sent to large groups of random people. Spear-phishing is a term used when fraudsters target a specific individual with an email and attachment that the target is more likely to open as it will typically contain something of interest. For example, an email purporting to be from your gym with changing opening times, or a parcel that could not be delivered to you.

For mobile devices:

• Install the latest software updates and security patches
• Enable device PINs/passwords to restrict access to a lost or stolen device
• Install an anti-malware application and software to assist recovery of your device or remotely wipe its data.
   

Social Media

To protect yourself when using social media:

• Children can be targets who unwittingly reveal personal information, such as birthdays, schools, holidays and pet names to ‘friends’.
• Media and press interviews can be used to quickly build up a picture of an individual, when taken with information available through social media.
• Don’t let your audience know if you’re going away on business or holiday.
• Be aware of what friends post about you and your family’s activities.
• Be aware that sites such as Instagram, Pinterest and YouTube can carry the same risks as Facebook and Twitter.
• Understand your security settings and who you're sharing your information with.

Fraudsters use many techniques to obtain password and security credentials. Often a fraudster will call the victim and pretend to be the bank or a police official and ask for bank account details, card details, three-digit security numbers, PINs, online banking passcodes or telephone banking security passwords.

• Never give out any online passcodes/PINs or card details to anyone who phones you. If we phone you, we will never ask for this information.

• If you receive a call about your bank account or a transaction and have any doubts about the person’s true identity, hang up and call us on a known Quorum MOB telephone number.
  0131 225 8484 - Switchboard
  0131 278 3777 - Quorum MOB 24

Fraud websites

• Action Fraud
  The UK's national fraud and internet crime reporting centre. They provide a central point of contact for information about fraud and financially motivated internet crime. Report fraud through them and receive a police crime reference number.
• Get Safe Online
  UK government security service to help protect computers, mobile phones and other devices from malicious attack.
• Bank Safe Online
  Advice from a UK banking industry group about phishing, money mules and Trojans.

Credit check agencies

• Equifax
  Obtain a copy of you credit report to understand, manage and control your credit score.
• Experian
  Obtain a copy of you credit report to understand, manage and control your credit score.

Other

• CIFAS
  Provides comprehensive UK databases of confirmed fraud data, as well as a range of fraud prevention services, using the latest technology to protect organisations from the effects of fraud.
• Citizens Advice
  Offers free, impartial and independent advice about fraud or another topic.
• Financial Services Register
  A public record of all the firms, individuals and other bodies that the Financial Conduct Authority regulate.
• Financial Conduct Authority (FCA)
  The FCA regulate the financial services industry in the UK.
• UK Finance - It's Your Money
  UK Finance shows how financial services firms can help if you are a victim of financial abuse.