Leading UK fraud prevention organisations raise alarm on sophisticated mobile scam

• Criminals abuse one-time passwords to set-up digital wallets and steal details
• People urged to remain sceptical of ‘too good to be true’ offers
• Five tips to help consumers protect themselves from scammers

The UK’s leading fraud prevention services have joined forces to warn consumers about a sophisticated mobile scam which tricks customers into divulging banking one-time passwords and allows criminals to link card information onto digital wallets.

Driven by international organised crime groups posing as well-known brands and trusted retailers, scammers are luring consumers with attractive offers on social media or rogue SMS messages containing malicious links which consumers are encouraged to click on. These are often disguised as offers to ‘help’, such as to reduce winter heating bills by applying for a living allowance, as well as notifications about an undelivered parcel.

Once accessed, consumers are asked to enter their credit or debit card details. Following this they are sent a unique temporary one-time password, known as OTPs, via SMS. While these come from the consumer’s bank, the OTP has been requested by the criminals so that they can create a new digital wallet – such as Apple, Google or Samsung Pay – on a mobile phone and subsequently take control of the consumer’s account. As a result, they can make both online and in-store purchases using the victim’s card details – with ease and at pace.

Garry Lilburn, Operations Director at Cyber Defence Alliance, said: ‘Our investigations have shown that international organised crime groups are orchestrating these scams and selling on compromised card details so other criminals can easily buy goods and services. It is vital consumers remain sceptical of offers that are too good to be true and that ask for card details.’

Dianne Doodnath, Principal of Economic Crime at UK Finance, commented: ‘Criminals are sophisticated and will make every attempt to steal personal and financial information. We encourage customers to be alert to potential threats of fraud, be cautious of sharing personal and financial information and avoid sharing OTPs with requests out of the blue. If consumers think they’ve been scammed, it’s important to contact their bank immediately and report it to Action Fraud.’

Mike Haley, CEO of Cifas, added: ‘Scammers are using new technology to change their tactics at speed and find new ways to abuse consumers’ trust and steal from their bank accounts. We urge people to stop and think twice about any communications received unexpectedly and never act on urgency.’

Report suspicious text messages by forwarding to 7726. People should also contact their bank immediately, and report to Action Fraud on 0300 123 2040.

Advice to consumers

Always follow the advice of the Take Five to Stop Fraud campaign and ‘Stop, Challenge and Protect’ yourself from fraudulent attempts:

1. Take a moment to stop and think before parting with your money or information. It could keep you safe.
2. Ask yourself, could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
3. Don’t click on links or open attachments in unsolicited SMS or emails, even if it appears to be from a company you know.
4. Get a second opinion from someone you trust about what you’ve received.
5. Be cautious of any ‘too good to be true’ offers.

ENDS

Notes to Editors

For more information, please contact Hayley Paterson, Cifas Press and PR Manager, on 020 4551 7072 or press@cifas.org.uk.

About Cyber Defence Alliance

The Cyber Defence Alliance (CDA) is a not-for-profit organisation. It performs a coordinating role, supporting banking members to prevent cyber-attacks, support law enforcement (LE) action, both collaboratively and proactively against cybercriminal networks, and helps prepare members to counter emerging fraud and cyber threats.

About UK Finance

UK Finance is the collective voice for the banking and finance industry. Representing more than 300 firms across the industry, we act to enhance competitiveness, support customers and facilitate innovation. 

Led by UK Finance, Take Five to Stop Fraud is a national campaign that offers straight-forward and impartial advice to help everyone protect themselves from financial fraud. 

About Cifas

Cifas is the UK’s leading not-for-profit fraud prevention service with over 775 members from across key economic sectors including banking, retail, insurance, and telecoms. Cifas protects businesses and individuals from fraud through the sharing of data and intelligence sharing between the private, public and third sectors. In addition to providing products and services which help businesses prevent more than £1.8bn in fraud losses each year, Cifas delivers specialist training through its Cifas Fraud and Cyber Academy and Digital Learning programme.

 Website | LinkedIn | X

Contact us at press@cifas.org.uk