Fishing? No. Not a Yiddish or German or Austrian mispronunciation of ‘fishing’, but rather, a fraud and a scam by way of a cold call to fool you into parting with details about your bank account, and passwords so that they can gain access to your online banking and extract what they can from you.
How does it work?
Picture this: It is Friday afternoon. The last day of the month. People need to be paid, including staff, and suppliers. Contracts need to be completed, and the accounts department are processing invoices etc…in a rush.
They receive a telephone call from their Bank, asking to speak with the head of accounts, or with a Director (i.e. They look up the specific name of the person they need to speak with because it is all over social media websites and on your website where you thought you were being transparent in telling the public what people do, and what responsibilities they have within the business).
They then mention your business or personal relationship manager at the bank. This is done by way of a separate call several days earlier. They may mention the wrong name and ask you to confirm to update records. You give the name and they make a note of it.
When they call back on the Friday, they mention they are from the Fraud Detection Department of your Bank, and mention that they have already alerted your business manager (which they name).
They say that someone has tried to extract £20,000 (It could be any figure), from your Bank account, and they believe it to have been fraudulent so they have blocked the account for all monies going in and out.
You are going mad, because if they are stopping ALL payments, they are delaying payments and heading for complaints and problems. You will want to help them to unlock the account.
They then seek to take you through bank security. They may either play a message they have taken from the real Bank, or just ask you for various number/letters. They confirm they will never ask you for the full password and you should never give it out. They may side-line you by lecturing you on how careful you must be.
They ask for say the 1st, 3rd, and 5th digits. You give them properly, but they say it didn’t work. They then ask for say the 2nd, 4th, and 6th digits as the case may be. They now have almost your entire password. Did you realise?
They eventually confirm you have passed security checks and ask you to go into your online banking system. They may place you on hold, and you hear a recorded message from the Bank referring to calls being recorded for training and monitoring purposes. All sounds genuine. You hear background noise of other operators. (All of these recordings are just recordings. There is unlikely to be anyone else in the garage/shed/loft, where the call is being made from).
You wonder, for reasons unknown, whether all is correct, so you check the telephone number and google it. Yes. The number is a genuine looking number from your Bank (Did you know you can disguise your number to appear as another number?)
They ask you to call back. They give you a similar number and you get through to someone else. You ask to be put through to the person you were dealing with, and they put you through. Your fears are allayed once more and confidence is restored to your detriment and to the fraudsters advantage.
They ask you to place your card in the bank reader and to press various buttons in order to reset your account to send and receive monies. They say they need an authorisation code. You go along with it, in the rush to get business trading, and read out the code. After all, it is Friday afternoon and people must be paid!
Before you know it, your business has just had extracted from it, a considerable sum of money, towards the end of the day.
You call your Bank and they say your business relationship manager has gone home for the day.
You are confused but think it can wait until Monday.
The fraudster got away with it. You complain to the Bank, but the Bank say you were stupid for parting with your information and details. How many times do they have to tell you to be careful about what information you give out over the telephone? (They say, frustrated, and with an air of arrogance). They say there is nothing they can do. They tell you to call the Police.
That is only partly true, depending upon the circumstances. If you have been a victim of fraud through vishing and you want to be recompensed by the bank, there may be a way.
Have you reviewed your systems and procedures?
All of the above happened and is based on a true state of facts.
Professor David Rosen is a Solicitor-Advocate, Partner and head of Litigation at Darlingtons Solicitors LLP. He is a Certified Fraud Examiner. He is a board member of the Association of Certified Fraud Examiners UK Chapter, a member of the Fraud Advisory Panel, a member of RUSI, and an associate Professor of Law at Brunel University where he regularly lectures on counter-fraud and counter-corruption issues.
Haven't found what you need yet?
Why not search the whole site?