The scammer pretended to be calling to follow up about the fraudulent card transaction, aware by now that the card had been cancelled. Understandably convinced that he was speaking to the bank, Richard initially followed the instructions – to protect his current account by logging into online banking and setting up a new sort code and account number.
The scam caller then asked him to transfer his balance to the new ‘secure’ account which thankfully rang alarm bells. Richard told us:
“At this stage the penny finally dropped, and I told him I would prefer to call the bank myself to make sure that this was a legitimate exercise. He became very insistent and, essentially, tried to make me feel very guilty for wasting the bank’s time when they had called me to protect my money. When I asked him how I could be sure this was a genuine call he told me to look at the caller ID on my phone”
Fortunately, Richard stood his ground and called the genuine First Direct fraud team who confirmed that this was a scam. Which? reported the fake text and phishing website to both Royal Mail and the National Cyber Security Centre (NCSC)
. We also advised Richard to sign up for Cifas (£25 for two years) to protect against identity fraud
How to spot genuine Royal Mail communication
A Royal Mail spokesperson told us:
“Royal Mail will only send email and SMS notifications to customers in cases where the sender has requested this when using our trackable products that offer this service.’
The only time we would ask customers to make a payment by email or by SMS is in instances where a customs fee is due. In such cases, we would also leave a grey card telling customers that there’s a Fee to Pay before we can release the item. This would apply either to an international customs fee or to a surcharge for an underpaid item. This card may arrive later than the email or SMS. Royal Mail Group works hard to prevent and detect fraud.
We work with UK law enforcement agencies, Trading Standards and other organisations to share information and support robust proactive action against scams. Customers looking for advice on how to spot a fake notification should visit www.royalmail.com/scamprotection
. Here they can view examples of current scams, and get advice on appropriate action”
Is it really your bank calling?
As this example proves, scammers can use number spoofing software
to display false caller-ID information and trick you into thinking that their number belongs to your bank or another legitimate business.
Which? is also aware that many scam callers will attempt to trick you into installing remote access software
to ‘fix’ a spurious problem. This software is used by legitimate businesses – including the Which? Tech Support team and many IT support firms – but criminals abuse these tools to hack into email and bank accounts.
Call-blocking services and phones offer some respite from unwanted calls. But the easiest way to stay safe is to hang up and call back on a phone number you trust, such as the one on the back of your debit or credit card.
If you fall victim to fraud, contact your bank immediately and follow our step guide to getting your money back