09 Oct 2015 9:59 AM

Yesterday the accounts payable team in our London office received a suspicious phone call from Malcolm Johnson purporting to be from our bank. Mr Johnson claimed that two ‘suspicious’ transactions, coming from a different IP address to the one we usually used, had been stopped from going out of our business account and he needed to confirm we had set them up.

His convincing opening question was,

'Have you set up two payments totalling £13,500 to a Mr Jason Foster, five minutes ago? If you haven’t set up these payments up, there must be a virus on your account, and your system has been hacked'.

He went on to tell us that fortunately our funds were in a ‘holding account’ and Mr Johnson advised us that to retrieve these fraudulent payments, we simply had to transfer £4,000 to a new ‘safe’ holding account that 'the bank’ would set up in our name, and then put everything back as it was. They would tell us our new sort and account code and we would make a transfer to ‘our’ new account.

We have certain processes and procedures in place to help identify and deter fraud and our experienced accounts team is alert to the possibility of fraud. The member of our accounts team (Miss T) who took the call was quick thinking and asked some key questions to ascertain the legitimacy of the caller.  She asked Mr Johnson how she could be sure that he was calling from our bank, to which he responded that he needed to identify us first.

What was his security question to identify us as the account holder? 'What are the first two digits of your sort code?'  All our bank accounts have the same 2 digits for the sort code, so hardly an identifying feature.

Miss T raised this point with Mr Johnson to which he responded 'Well what number do you call normally? I can call back from that number so you know I am from your bank' – sounds legit. However it’s very easy for scammers to change their caller ID so they can show up with whatever number they want – so there goes that proof.

Miss T wasn't convinced and she knew something wasn't right. Following the next step in our internal procedures she put the call through to the partner with the highest authorisation on the account.  The partner agreed that something felt wrong and ended the call, with Mr Johnson asking him to call him back as a matter of urgency.

In the time since the first call, we conducted some research and stumbled across this article in the Daily Mail about ‘Britain’s biggest ever telephone banking scam’. It makes for an interesting read and it is worrying to see just how many things in that tallied up with our phone call with Mr Johnson.

This type of crime is particularly damaging to businesses of all sizes. If you give details to a fraudster, or transfer money to them, then the bank isn’t liable and there is a good chance you will never see your money again. Of course if money is stolen from your account without you giving any details away then your bank may cover the loss. The best security is to be vigilant, have agreed processes in place and take your time.

It’s very easy to fall for these scams, particularly if you are under pressure with other jobs, or your line manager is away and you don’t want to make a mistake, but if you do receive a phone call like this that sets alarm bells ringing or makes you feel uncomfortable remember to:

  • Be suspicious and ask probing questions
  • Never let them take control of your computer remotely
  • Tell them you need to make some checks and terminate the telephone conversation
  • Wait at least ten minutes, or use a different phone line to phone your real bank’s fraud line
  • NEVER give personal details or security information to anyone over the phone unless you are 100% sure it is your bank

And... if you are still unsure, or you think you may have been a victim of fraud, either report it to the Police or Action Fraud, on 0300 123 2040