This growing crime is a form of identity theft, where a fraudster gains control of a victim’s bank account and then makes unauthorised payments. This usually happens in one of two ways:

  • the fraudster calls and socially engineers the victim to provide account details, giving them access or,
  • the fraudster persuades the victim to download software giving them access

Account Takeover via Telephone

This is typically when someone calls you pretending to be from HSBC or another trusted organisation, such as the Police or a utility provider, and persuades you to provide them with Digital Banking usernames, passwords, and secure key codes in order to stop a “fraudulent” payment. However, whilst you are on the call, they use this information to gain access to your internet banking and make fraudulent payments.

Phone Scams

Watch our recent webinar where we discuss different phone scams including Remote Access Takeovers

Protect yourself from remote access takeover

  • NEVER give out your Digital Banking usernames, passwords, Internet Banking Secure Key Codes, or any One Time Passcodes (OTPs)
  • REMEMBER, genuine phone numbers can be spoofed
  • Don't enter numbers on your keypad like *21* followed by phone number - this redirects all calls to the criminal including genuine fraud checks your bank make
  • Don’t be afraid to end a call and call the organisation back on a genuine number, using a different phone where possible

Remote Access Tools

The use of Remote Access Tools/Software has grown significantly over the last few years. There have been instances of computer ‘pop ups’ prompting you to call a fake number or, the fraudsters call you directly and persuade you to download software which they can then use to control your device. They again impersonate trusted organisations such as HSBC or your IT provider and, they inform you that you have a connection issue, a computer virus on your device or more commonly, they need you to logon to your digital banking so they can stop a fraudulent payment. Using the downloaded software, the fraudster can see your screen, control your device and has the opportunity to make payments out of your account.

Watch: Remote access tools

Reduce the risk of Remote Access Takeover

  • NEVER give out your Digital Banking usernames, passwords, Internet Banking Secure Key Codes, or any One Time Passcodes (OTPs)
  • Educate your staff – make sure everyone is aware of Remote Access Takeover fraud and have an escalation process in place
  • NEVER download Remote Access Software on to your device as a result of an unsolicited call, text message or browser pop up.
  • Verify any telephone numbers using an independent source, not one given to you on phone calls or internet pop ups
  • Incorporate a robust due diligence culture in your business for any payments which may include a two-tier approval

How to report Remote Access Takeover

If you believe you have been a victim of this type of fraud, please report it to us or your bank.

You should also report it to Action Fraud on 0300 123 2040 or via the Action Fraud website. If you are in Scotland, please report to Police Scotland directly by calling 101.

Further Resources

Take 5 – Stop, Challenge and Protect

NCSC – National Cyber Security Centre advice and guidance on a range of cyber topics