Out-Law News | 09 Oct 2014 | 5:24 pm | 3 min. read
Last month Financial Fraud Action UK (FFA) published statistics which revealed a rise in remote banking fraud losses during the first half of this year compared to the same period in 2013. The FFA identified telephone 'vishing' attacks as one of the contributors to the rise, as telephone bank fraud losses rose 20% to £6.6 million for the half year period.
'Vishing' is where a fraudster obtains personal information from their victims over the phone. In the context of bank fraud, the attack often involves a fraudster calling a bank customer, posing as a bank representative and reporting a problem with the customer's account and urging the customer to call an emergency number for the bank.
When the customer hangs up to call the emergency number the fraudster remains on the line and plays a fake dialling tone to the customer. When the customer dials the emergency number they are not connected with their bank but instead to an associate of the fraudster who then attempt to get the customer to divulge account information to them over the phone and convince them to hand over their bank card to couriers that later arrive to collect them.
The success of these types of attacks relies, in part, on incoming calls remaining connected to the receiving line even when the person receiving the call hangs up.
On some phone networks, calls can remain connected for approximately two minutes even after someone hangs up. Working with the Metropolitan Police and regulator Ofcom, UK telecoms providers have been taking steps to upgrade their systems to cut disconnection times.
"Over the last year, a number of telephone providers have made changes to their networks to cut the time a phone line remains open to a couple of seconds," an Ofcom spokesperson told Out-Law.com. "This action has stopped fraudsters from being able to stay on the line to impersonate a victim’s bank or the police – a key feature of how this scam works. We have also been working to drive awareness among consumers to help them avoid falling victim to courier fraud by supporting initiatives such as courier fraud awareness day."
According to Ofcom, TalkTalk, in September 2013, and Sky, in June this year, have already reduced the disconnection time on calls over their service to two seconds.
BT has reduced disconnection times to a maximum of 10 seconds for around six million customers on their network, but changes to the local exchanges used by the remaining two thirds of its customer base remain to be updated, the regulator said.
In a statement, BT said it is "committed to minimising the potential for third parties to exploit our network to commit fraud".
"We have cut the 'holding the line open' time for calls made to around six million customer phone lines (approximately a third of BT‘s local exchanges)," a BT spokesperson said. "For the remaining exchanges, which are more complicated to change, it will take us longer to make the necessary changes to reduce the time to two seconds. However, we expect that this will be completed within a year."
"We have tried to raise awareness of this and other scams to protect customers through articles on our website, bt.com, by supporting police and by using social media. We recognise that the target group of victims are elderly people and the tone of our messaging is awareness of the scam and to tell your friends and family about it," they said.
Ofcom said that Virgin cut call disconnection times to two seconds for about half of its customers earlier this month but that updates affecting the other 50% may take until summer next year to implement due to similar complications BT is grappling with.
Mobile operators have similarly been taking measures to cut disconnection times for calls made over their networks, it said.
"Statistics released by the police have revealed that the measures being taken to tackle this fraud are having a positive effect," Ofcom said. "The percentage of unsuccessful offences during the last year – where a call is made but card details are not handed over – has increased from 40 to 76%. Officers believe this success is due to a combination of intensive efforts by Ofcom and the telecommunications industry to cut the amount of time taken to disconnect a call, and increased public awareness of the scam."
In addition to the technical measures to combat vishing, raising consumer awareness of these types of scams and how they can be avoided has been identified as a necessary measure for improvement.
The British Bankers' Association is launching a new consumer-focused leaflet and website next week as part of a new campaign to warn bank customers about vishing. The campaign will feature information on the way consumers can tell whether they are speaking with their bank or with a fraudster, a BBA spokesperson told Out-Law.com.
"Despite banks spending millions on sophisticated systems to protect customers from fraud and cybercrime, some ruthless criminals continue to target victims directly with techniques like vishing," the BBA spokesperson said. "That’s why the BBA are launching a public awareness campaign to provide vital tips on what customers can do to avoid being caught out by these clever scams."