Natasha Vernier
Jan 29, 2021

Secret Crime Fighters, Episode 7

Our next Secret Crime Fighter was alerted to a broadband scam that cost their customers thousands of pounds. Unfortunately, this typology is relevant to all banks, and there are indications that it is being used more frequently. Keep reading for the tell-tale signs that will help you identify it and protect your customers.

The Typology

Your Broadband is Compromised

The victims of this scam are contacted by someone purporting to be from Virgin Media, with news that their broadband has been compromised. In order to get rid of the virus that is compromising the broadband connection, the victims need to help Virgin Media, who are working with Interpol, to track the perpetrator.

Tracing the Virus with Virtual Money

In order to find the virus and track the perpetrator, the “Virgin Media” team tells the victim that they need to download a screen sharing app onto their phone, in this case AnyDesk. Once downloaded, “Virgin Media” says that they need to move virtual money through the victim’s bank accounts to see where the money goes.

The screen sharing app makes the victim’s phone screen go blank, giving the criminals unfettered access to the victim’s phone.

Once the criminals have access to the victim’s phone, they can read any notes or saved messages that may contain passwords or PIN codes, as well as accessing banking apps. The criminals then move money between the victim’s different accounts, and out to fraudulent beneficiaries.

The criminals are aware of the different bank account payment limits, and contact the victim over multiple days, each day requiring access to their phone via AnyDesk, and each day moving large amounts of money through the accounts and out to their beneficiaries.

Buying Time

At this point, if the victim grows suspicious and asks the “Virgin Media” team about the reducing balances on their accounts, the criminals are adept at buying more time. By using another screen sharing app, the criminals are able to convince the victim that a mock-up of a banking app showing the original balance of the account is real, and that the movements of money are just “virtual” money flows in order to trace the criminals.

In one of the cases our Secret Crime Fighter saw, the criminals moved many thousands of pounds through the victim’s different bank accounts across 4 different days and multiple transfers.

Unfortunately, by the time the money has moved out of the victim’s account, the expectation is that it has been moved abroad.

Stopping the Typology

Our Secret Crime Fighter is tackling this typology using three different routes.

Firstly, new transaction monitoring rules have been tested and deployed. These look for inbound payments that come from accounts in the customer’s name, where the money is moved on very quickly. In addition, certain payment references have been used, such as “security”, “safe account”, and “HMRC”.
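A minimal sketch of a rule of this shape, added here as an illustration and not the Secret Crime Fighter's own rule: it flags own-name inbound payments that are mostly moved out again within a short window, and notes any of the quoted payment references. The record layout, the one-hour window, the 80% ratio and the sample transactions are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# References quoted in the article; matched case-insensitively as substrings.
SUSPECT_REFERENCES = ("security", "safe account", "hmrc")

@dataclass
class Txn:  # hypothetical record layout, not a real banking schema
    ts: datetime
    direction: str          # "in" or "out"
    amount: float
    counterparty_name: str
    reference: str = ""

def _norm(name):
    return " ".join(name.lower().split())

def flag_rapid_move_on(customer_name, txns, window=timedelta(hours=1), min_ratio=0.8):
    """Alert on own-name inbound payments mostly moved out again within `window`.
    `window` and `min_ratio` are assumed thresholds; the article gives none."""
    txns = sorted(txns, key=lambda t: t.ts)
    alerts = []
    for i, t in enumerate(txns):
        if t.direction != "in" or t.amount <= 0:
            continue
        if _norm(t.counterparty_name) != _norm(customer_name):
            continue  # only inbound from an account in the customer's own name
        outs = [o for o in txns[i + 1:]
                if o.direction == "out" and o.ts - t.ts <= window]
        moved = sum(o.amount for o in outs)
        if moved >= min_ratio * t.amount:
            hits = sorted({kw for x in [t, *outs] for kw in SUSPECT_REFERENCES
                           if kw in x.reference.lower()})
            alerts.append({"inbound_ts": t.ts, "inbound_amount": t.amount,
                           "moved_on": moved, "reference_hits": hits})
    return alerts

# Constructed sample data for customer "Jane Example" (not real transactions).
SAMPLE = [
    Txn(datetime(2021, 1, 11, 10, 0), "in", 5000, "JANE EXAMPLE", "transfer"),
    Txn(datetime(2021, 1, 11, 10, 12), "out", 4900, "A N Other Ltd", "safe account"),
    Txn(datetime(2021, 1, 12, 9, 0), "in", 1200, "Employer Ltd", "salary"),
    Txn(datetime(2021, 1, 12, 9, 5), "out", 1000, "Landlord", "rent"),
    Txn(datetime(2021, 1, 13, 9, 0), "in", 2000, "Jane Example", "savings"),
    Txn(datetime(2021, 1, 14, 12, 0), "out", 2000, "Garage", "car"),
]

if __name__ == "__main__":
    for alert in flag_rapid_move_on("Jane Example", SAMPLE):
        print(alert)
```

Only the first inbound payment alerts: the salary is not an own-name transfer, and the savings transfer is not spent until more than a day later.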

Secondly, their Cyber Security Team is looking into detecting when a customer has a screen sharing app downloaded on their phone, and the banking app is in use. With this knowledge it will be possible to push customers through Enhanced Due Diligence, additional verification steps, or even block outbound payments. Paytm in India have taken this approach already.

And finally, our Secret Crime Fighter is working on customer education. These criminals have targeted people in their mid-60s, no doubt hoping for less tech-savvy victims. Customers need to be taught that they should never share their phone or computer screen with unknown parties, that no “virtual payments” will be needed for any kind of tracing, and that they should not trust cold calls from anyone. These are all lessons desperately needed.

Thanks for reading our latest Secret Crime Fighters newsletter. If you have an interesting typology that you’d like to share, we’d love to hear about it! Please email us at [email protected].
