UK businesses, charities, and individuals with high-value bank accounts are being targeted by a sophisticated scam where criminals impersonate bank security teams to steal life-changing sums of money.
The Anatomy of a Sophisticated Scam
This alarming fraud often begins with an unexpected phone call, sometimes preceded by a text message. The caller convincingly pretends to be from the victim's own bank, claiming that fraud has been detected on their account and that urgent action is required.
The victim is then directed to a fake website that mimics their bank's genuine site. Once there, they are instructed to click a 'chat' button. This simple action secretly installs software on their device, granting the fraudster remote access to their computer and online banking.
If the bank sends a one-time password or security code to the victim's phone, the criminal tricks them into sharing it. This allows the scammer to move money freely or set up new payees. In some extreme cases, victims are even persuaded to set up call forwarding, which blocks legitimate calls from their actual bank.
Millions at Stake as Fraudsters Evolve
According to intelligence from the Cyber Defence Alliance (CDA), fraudsters are using this method to steal tens of thousands of pounds, with some individual account losses exceeding £1 million.
In the run-up to International Fraud Awareness Week (November 16 to 22), the CDA has joined forces with the fraud prevention service Cifas and banking trade body UK Finance to raise public awareness of this devastating crime.
Garry Lilburn, Operations Director at CDA, advised: "If you receive a message or call that feels unusual, take a moment to consider whether it matches how your bank normally communicates. If anything seems off, end the call and report it using your bank’s official contact methods."
How to Protect Yourself from Remote Access Scams
Experts from the collaborating organisations have issued clear guidance to help the public avoid falling victim.
Mike Haley, CEO of Cifas, emphasised: "Fraudsters are creating a false sense of urgency to exploit people’s trust and steal large sums of money. Banks will never ask you to download software or transfer funds to protect your account. If you receive an unexpected request, take a step back and question it before responding."
Dianne Doodnath, Principal of Remote Banking Channels at UK Finance, echoed the Take Five to Stop Fraud advice: "Impersonation scams often begin with a message or call claiming to be from a trusted organisation. Criminals may try to rush you by saying your money is at risk. To protect yourself, pause, check the source and only respond using verified contact details."
Here are the essential tips to remember:
- Hang up and call your bank back using a number from your bank card or official app.
- Never trust a call just because it sounds professional – always verify the caller.
- Use the 159 service to connect directly to your bank’s fraud team.
- Never share one-time passwords or allow remote access to your device.
- Report suspect text messages by forwarding them to 7726.
Anyone who believes they may have been targeted by this scam should contact their bank and the police immediately.
