Jump to content
House Price Crash Forum

Authorised push payment scams


Recommended Posts

On 07/11/2017 at 3:24 PM, Houdini said:

Send a £1 initial payment. By a second method - either phone or in person check that the money has been received. Then send the rest of the money.

It's simple really....

 

Surely this is easily circumvented by any potential scammer. If they see  £1-£10 enter their scam account, they just immediately forward it to the correct destination account. 

When asked if the money has arrived the solicitor will confirm, but when the next payment goes through, it won't get forwarded of course.

Link to post
Share on other sites
Just now, curious1 said:

Surely this is easily circumvented by any potential scammer. If they see  £1-£10 enter their scam account, they just immediately forward it to the correct destination account. 

When asked if the money has arrived the solicitor will confirm, but when the next payment goes through, it won't get forwarded of course.

No because the receiver can confirm where the money came from as the payee details are part of the transaction record..

 

 

Link to post
Share on other sites

A work colleague got scammed (not push), and he was a fairly savvy IT programmer. The best bit was, once it was all sorted out with his bank, his bank called him up to check that everything now seemed okay, and, btw, could they just check his logon details to make sure they hadn't been tampered with? He was halfway through handing them over before the penny dropped... his expletives as he put the phone down were almost admiring.

On the other side of the coin, my bank rang me up after refusing a debit card payment (they thought I was still abroad). They took me through my security (random chars from pw, etc.). It was only afterwards that I realised that, as they'd called me, I should be the one doing a security check. I rang the bank to double-check it was them who had called (it was), and whether there was anything in place for me to confirm their identity. NADA. The only thing they could suggest was putting the phone down if they called, and then calling the bank's official number, "but you'll have trouble getting quickly connected to the right department". I suggested that I ought to be able to ask them for a random character from my PW, but this just confused them, "It's your password, not ours, so I don't see how that would help." Say lavvy.

Link to post
Share on other sites
On 07/11/2017 at 12:20 PM, knock out johnny said:

Interesting - so if the fraud account number is sent from an ip address in the solicitors' office, surely the solicitor is at fault for not having a secure enough system as the client takes the solicitors' instruction via email in good faith

Perhaps they should send payment emails from a standalone and 'sterile' pc which accepts no incoming email/no usb slots etc so cannot execute malicious email/allow snooping etc

I know someone who was caught. The scammer had intercepted a supplier's email (gmail) account, and could monitor those emails. When the supplier sent an itemised bill to the customer, the scammer copied the bill email, changed the sort code/ac number and resent the email from a very similar e email  a/c. It looked like the supplier had double emailed, and the scammed person took the second email and paid the wrong a/c... With hindsight you know, but its easy to be caught...

Link to post
Share on other sites
35 minutes ago, dryrot said:

I know someone who was caught. The scammer had intercepted a supplier's email (gmail) account, and could monitor those emails. When the supplier sent an itemised bill to the customer, the scammer copied the bill email, changed the sort code/ac number and resent the email from a very similar e email  a/c. It looked like the supplier had double emailed, and the scammed person took the second email and paid the wrong a/c... With hindsight you know, but its easy to be caught...

The nasty thing with gmail is that, once compromised, the scammer can set up a bunch of mail rules to make his job so much easier.

Link to post
Share on other sites
9 hours ago, tomandlu said:

On the other side of the coin, my bank rang me up after refusing a debit card payment (they thought I was still abroad). They took me through my security (random chars from pw, etc.). It was only afterwards that I realised that, as they'd called me, I should be the one doing a security check. I rang the bank to double-check it was them who had called (it was), and whether there was anything in place for me to confirm their identity. NADA. The only thing they could suggest was putting the phone down if they called, and then calling the bank's official number, "but you'll have trouble getting quickly connected to the right department". I suggested that I ought to be able to ask them for a random character from my PW, but this just confused them, "It's your password, not ours, so I don't see how that would help." Say lavvy.

This is key, and has been a problem for at least a decade! They are not confused by that last part - they know full well what they are doing, have been for years, and are deliberately pretending that they don't understand the massively obvious security problem with their approach.

They call YOU, and then have the temerity to demand you prove who you are.

No, no, no.

The second problem is the language they use, is phishing-type language. "Can you confirm your account number?" when they really are asking "can you GIVE ME your account number?".

The only correct answer to that question is "Sure. When you start reading out digits from my account number, I will be the one doing the confirming, and I'll be confirming if they are correct or not. You may now go ahead and start reading".

If you want me to give you information, then say so. Don't ask me to "confirm" something when you mean "hand it over to a stranger with no proof". Grrrrrrrrrrr!

 

Edited by mrtickle
Link to post
Share on other sites
9 hours ago, tomandlu said:

A work colleague got scammed (not push), and he was a fairly savvy IT programmer. The best bit was, once it was all sorted out with his bank, his bank called him up to check that everything now seemed okay, and, btw, could they just check his logon details to make sure they hadn't been tampered with? He was halfway through handing them over before the penny dropped... his expletives as he put the phone down were almost admiring.

Another recommendation - use an app like "Mr Number" or "Truecaller" if you have a smart phone. A genuine "smart" use of a phone. They look up a caller's number in their crowd-sourced internet databases, whilst the phone is ringing. You can see before you answer if the call is from a reported scammer. And set the app to dump scammer's calls without even disturbing you in many cases. I used to have it set to answer, then drop the calls - so that they got charged for the call (every little helps put them out of business), and didn't get my answer services clogged up with their messages.

 

Edited by mrtickle
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    No registered users viewing this page.



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.