Four law firms have recently lost £2m from their client accounts after falling victim to scammers who tricked them into disclosing bank security information over the telephone, the Solicitors Regulation Authority has warned.
The regulator said the fraudsters gain the confidence of those they call – known as “social engineering” – to obtain important information and access account funds.
Specifically, they ask for ‘challenge and response’ codes, which are used to authenticate payments, and in some cases for digital banking log-on and password credentials.
The SRA said that banks will never ask for passwords or response codes over the telephone.
Robert Loughlin, SRA executive director of operations, said: “These scammers are very active and convincing. They are highly sophisticated in their approach and therefore very capable of duping many people.”
Banks suggest that firms independently validate callers by contacting somebody they already know at the bank, preferably using a separate telephone line, for example a mobile line. There have been examples of scammers keeping the line open to intercept any follow-on call made to check – so-called vishing.
The news comes as Financial Fraud Action UK reported that consumers who fell victim to vishing lost at least £24m to fraudsters in the last year, more than treble the amount in the previous 12 months, with 58% of people saying they had received suspect calls over the same time.
Banks, building societies, card companies and the police have joined forces to highlight the problem, with a national advertising campaign planned to tell consumers what to look out for.
Other variations of the vishing fraud, as highlighted earlier this year by NatWest and RBS, include ultimately persuading customers to transfer money to a new bank account that has been opened so as to protect them from alleged fraudulent transactions.