My close call with fraudsters shows how easy it is to be wiped out over
the phone
Martina Devlin
An incoming call lit up on my phone from an unfamiliar number, an Irish
mobile. I answered – and found myself caught up in a sophisticated and
plausible scam designed to empty my bank accounts and plunder my
contacts, targeting everyone on that list.
It almost worked, but I avoided the fraud – only for the identical
swindle to be tried again yesterday, 48 hours after the first attempt.
On both occasions the phone rang and an automated voice informed me of a
withdrawal against my Revolut account. “Press one to halt the
transaction or hang up to authorise it,” said the message. I knew better
the second time, but following the first approach, I pressed one and was
connected to a woman posing as a support agent for the payments app.
“Ma’am, have you authorised a Revolut payment of €79.99 to Amazon
Prime?” she asked. I said I hadn’t. “Then I’m afraid your account has
been hacked. We need to act fast to stop the money in your account being
stolen. There’s no time to lose, ma’am.”
She conveyed a sense of urgency, speaking in heavily accented but
otherwise perfect English. Every sentence had “ma’am” tagged on, which
was somehow reassuring – as though fraudsters don’t know the benefit of
politeness.
“Please cancel the transaction at once,” I said. “Can you do that?” She
said she could, provided I downloaded an app on to my phone. She
supplied its name but not its function. While we conversed on
speakerphone, I entered the app store and looked at it, scrolled down
and looked some more. The app allowed remote access to my phone. I
hesitated.
I should have hung up at that point but she kept talking in a friendly
fashion, while stressing the need for hurry. “This is to protect you,
ma’am. Your money isn’t safe unless you do it. We need to move quickly.”
She said reassuring things such as I wasn’t to give her any personal
data over the phone, inquired if I used Amazon often, and warned the
thieves would do one test purchase before emptying my account. Stupidly,
I downloaded the app.
The next stage was the crunch one: she instructed me to click a button
marked “accept”. At that, suspicion flared and I realised it was too
risky. “No, I’m going to hang up,” I said.
She warned I’d lose everything in my account, and said she was handing
me over to her supervisor. A man’s voice took over immediately – he must
have been standing beside her. Same accent but he was brisker, pushier,
more coercive. “Give me your number and I’ll ring you back,” I said. He
hung up.
Quickly, I deleted all bank account apps on my phone, including Revolut.
Then I went into my call history, found the 087 number they’d used, and
tried ringing it. An automated message said the number was unobtainable,
meaning some dodge is happening around Irish mobile phone numbers too.
All of a sudden, the extent of my lucky escape hit me. If the hoaxers
had gained remote access to everything kept on my mobile – and a huge
amount of information is stored on our smartphones – they could have
cleaned me out.
Two days later the ruse was tried on me again, suggesting a saturation
approach may be under way. This time it was a different Irish mobile
phone number but the same message to reel people in. I hung up, and
called back the number to see what would happen. It rang out, unanswered.
We’re living in a smartphone era. Smartphones deliver convenience, and a
wealth of information with a few clicks, but also expose us to risks.
Scam artists have a knack of sounding genuine; they prey on uncertainty,
and on their targets being less than tech-savvy. Victims get distracted,
pressurised, bamboozled and panicked.
Scams over the mobile phone network are becoming increasingly common.
Afterwards, I wondered how the crooks had my number but, unfortunately,
we can be too casual about sharing personal information.
And data breaches happen. In 2021 some 100,000 people had their personal
details accessed in a cyber attack on the Health Service Executive, with
the culprit thought to be a criminal gang operating from Russia.
Something else puzzled me later. How did they know I had a Revolut
account? I went online and saw there was a reasonable chance of it:
since its launch in 2015, Revolut has been downloaded by two million
people in Ireland alone.
Friends and family use it routinely to split a bill on a night out –
“I’ll Revolut you” is a common cry. It’s also a cheap way to pay for
expenses during foreign travel because a sum of money can be loaded on
to the account and any currency selected, meaning you aren’t hit with
extra charges.
But as this newspaper has argued in the past, Revolut’s use is too
widespread to be left unsupervised locally. The financial sector needs
to take additional steps to ensure customers are protected.
Last year, the Financial Services and Pensions Ombudsman was said to be
dealing with an increase in complaints related to Revolut, which is
authorised by the Bank of Lithuania and European Central Bank. Ireland’s
Central Bank regulates it for conduct of business rules.
So how do we protect ourselves in the meantime? Revolut says customers
should only deal with it over its app rather than on a phone call.
I’m trying to limit who I share my mobile number with. Over Christmas, I
was taken aback to be asked for it by cashiers in some shops, which I
found to be unnecessary and invasive.
Fake text messages also seem to be on the rise. The day after the first
fraudulent call, I received a text purportedly from eFlow warning I
hadn’t paid a toll road fee and should follow a link to do so or face a
€97.50 fine. I ignored it, but someone who drives a lot could be
hoodwinked into logging on to the fake “eFlow infoservice” website.
Three would-be hustles in one week, and two of them warning I was at
risk of being scammed – even as they attempted to scam me.
Irish Independent
===========================================================
The fb-exchange mailing list
Manage account,
List Page: https://www.freelists.org/list/fb-exchange
Archive: https://www.freelists.org/archive/fb-exchange
To unsubscribe: log onto the List page and select "Unsubscribe".
Administrative contact: insight@xxxxxxxxxxxxxxxxxxxx
===========================================================
